On Wed, 30 Jul 2008, Alvaro Herrera wrote:
I think being able to return cstring from a user defined function is quite dangerous already. I doubt we would ever give that capability to non-superusers. I do agree that creating base types should require a superuser though. It too seems dangerous just on principle, even if today there's no actual hole (that we already know of).
pl/java already allows non-superusers to create functions returning cstring and base types built off of these functions. It seems safe to me if pl/java is doing the construction of cstring from a user provided java.lang.String.
http://wiki.tada.se/display/pljava/Creating+a+Scalar+UDT+in+Java Kris Jurka -- Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-hackers